Hi there
How does one realize if a php script is secure or not? Most of the scripts i've written have been by taken bits and pieces from here and there and then adjusting them according to the project specs...

But how do I know if it's secure against someone hacking into the database and seeing info they are not supposed to see?

Are there general security bits out there? What sort of things are the most vulnerable and how can one prevent that?

Thanks

Try having a look in here ->http://www.php.net/manual/en/security.php


Generally, all the vulnerability comes from accepting input from users - either in the URL or in a form, and then not checking it hasn't got SQL or <SCRIPT> tags in it...

I'd say the major ones related to not sanitizing input are SQL injection, HTTP splitting and XSS.. I was going to make a thread about security(maybe someone else can.. i've been busy) to show the common vulnerabilities and how to fix them..

Being somewhat of a newbie to PHP, I'd LOVE to see a thread dedicated to PHP security.

*Nick*